Diffstat (limited to 'middlewares/secure.js')
-rw-r--r--middlewares/secure.js100
1 files changed, 49 insertions, 51 deletions
diff --git a/middlewares/secure.js b/middlewares/secure.js
index b7a18ad3e..bfd28316a 100644
--- a/middlewares/secure.js
+++ b/middlewares/secure.js
@@ -1,51 +1,49 @@
1;(function () { 1'use strict'
2 'use strict' 2
3 3var logger = require('../helpers/logger')
4 var logger = require('../helpers/logger') 4var peertubeCrypto = require('../helpers/peertubeCrypto')
5 var peertubeCrypto = require('../helpers/peertubeCrypto') 5var Pods = require('../models/pods')
6 var Pods = require('../models/pods') 6
7 7var secureMiddleware = {
8 var secureMiddleware = { 8 decryptBody: decryptBody
9 decryptBody: decryptBody 9}
10 } 10
11 11function decryptBody (req, res, next) {
12 function decryptBody (req, res, next) { 12 var url = req.body.signature.url
13 var url = req.body.signature.url 13 Pods.findByUrl(url, function (err, pod) {
14 Pods.findByUrl(url, function (err, pod) { 14 if (err) {
15 if (err) { 15 logger.error('Cannot get signed url in decryptBody.', { error: err })
16 logger.error('Cannot get signed url in decryptBody.', { error: err }) 16 return res.sendStatus(500)
17 return res.sendStatus(500) 17 }
18 } 18
19 19 if (pod === null) {
20 if (pod === null) { 20 logger.error('Unknown pod %s.', url)
21 logger.error('Unknown pod %s.', url) 21 return res.sendStatus(403)
22 return res.sendStatus(403) 22 }
23 } 23
24 24 logger.debug('Decrypting body from %s.', url)
25 logger.debug('Decrypting body from %s.', url) 25
26 26 var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
27 var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) 27
28 28 if (signature_ok === true) {
29 if (signature_ok === true) { 29 peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
30 peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { 30 if (err) {
31 if (err) { 31 logger.error('Cannot decrypt data.', { error: err })
32 logger.error('Cannot decrypt data.', { error: err }) 32 return res.sendStatus(500)
33 return res.sendStatus(500) 33 }
34 } 34
35 35 req.body.data = JSON.parse(decrypted)
36 req.body.data = JSON.parse(decrypted) 36 delete req.body.key
37 delete req.body.key 37
38 38 next()
39 next() 39 })
40 }) 40 } else {
41 } else { 41 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
42 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) 42 return res.sendStatus(403)
43 return res.sendStatus(403) 43 }
44 } 44 })
45 }) 45}
46 } 46
47 47// ---------------------------------------------------------------------------
48 // --------------------------------------------------------------------------- 48
49 49module.exports = secureMiddleware
50 module.exports = secureMiddleware
51})()
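Review bot: In the new `decryptBody`, `req.body.signature.url` is dereferenced on the first line with no shape check, and `JSON.parse(decrypted)` runs inside the `peertubeCrypto.decrypt` callback with no `try`/`catch`. A request without a `signature` object, or a payload that decrypts to invalid JSON, therefore throws instead of being rejected, and the parse error is raised from an asynchronous callback where the framework's error handling presumably will not catch it. A guard at the top such as `if (!req.body || !req.body.signature) return res.sendStatus(400)`, plus `try { req.body.data = JSON.parse(decrypted) } catch (e) { return res.sendStatus(400) }`, would turn both cases into clean rejections. Separately, as far as this file shows, `checkSignature` receives only `url` and the signature, so `req.body.key` and `req.body.data` do not appear to be covered by the check. It is worth confirming in `helpers/peertubeCrypto` whether the signed value binds the payload or a nonce, since otherwise a captured signature would remain valid for other bodies.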